Senior Staff Security Infrastructure Engineer

Confirmed live in the last 24 hours

Bloomreach

Czechia

Remote

Posted April 1, 2026

Job Description

Bloomreach is building the world’s premier agentic platform for personalization.We’re revolutionizing how businesses connect with their customers, building and deploying AI agents to personalize the entire customer journey.

We're taking autonomous search mainstream, making product discovery more intuitive and conversational for customers, and more profitable for businesses.
We’re making conversational shopping a reality, connecting every shopper with tailored guidance and product expertise — available on demand, at every touchpoint in their journey.
We're designing the future of autonomous marketing, taking the work out of workflows, and reclaiming the creative, strategic, and customer-first work marketers were always meant to do.

And we're building all of that on the intelligence of a single AI engine — Loomi AI — so that personalization isn't only autonomous…it's also consistent.From retail to financial services, hospitality to gaming, businesses use Bloomreach to drive higher growth and lasting loyalty. We power personalization for more than 1,400 global brands, including American Eagle, Sonepar, and Pandora.

The Senior Staff Security Infrastructure Engineer owns current and target-state data architectures and reporting while also designing, implementing, and monitoring cloud (AWS/GCP) infrastructure security controls; deploying, securing, configuring, and operating SIEM and other security resources; identifying, triaging, and remediating infrastructure and web vulnerabilities; leading incident triage and external-researcher engagement; and mentoring junior staff.

You can work in one of our Central Europe offices (Bratislava, Brno, Prague) or from home in Central and Eastern Europe on a full-time basis.

Role summary and core responsibilities

6+ years of relevant experience; candidates must demonstrate proficiency in cloud security, network security, URL filtering, common security frameworks, and CVE lifecycle management; practical IaC and scripting for automation; strong cross-functional and external communication; and experience mentoring junior staff.

Technical Skills:

Hands-on cloud security for AWS and GCP: design secure architectures, perform threat modeling, apply platform-native controls, and build/validate secure IaC.
SIEM ownership and detection engineering: deploy, configure, tune, and maintain SIEM; author and test detection rules and playbooks; integrate data sources; and operate with SLA-driven alerting and incident workflows.
Vulnerability and incident lifecycle ownership: identify, triage, and remediate infrastructure and web vulnerabilities
Drive CVE lifecycle management and patching: perform root cause analysis and measure MTTR and remediation rates.
Network, web, and endpoint protections: design and manage firewalls, WAFs, cloud network controls, URL/web filtering, with demonstrable operational experience.
Secure automation and tooling: author automation for detection, alert enrichment, and remediation; build or extend security tooling using scripting or languages such as Python, Go, or Bash.
Infrastructure as code and secure CI pipelines: implement guar